On Thu, Dec 19, 2002 at 04:17:08AM -0800, Paul Johnson wrote:
> On Thu, Dec 19, 2002 at 04:58:53PM +1100, Rob Weir wrote:
> > Yes, there is. iptables has modules for ftp (to support non-passive
> > mode) and irc (to support dcc, etc). They're called
> > ipt_{conntrack,nat}_{irc,ftp}, IIRC.
>
> Does this work automagically once inserted, or is there some trick to
> iptables to prod it into service? I suspect the latter is true, as
> I've tried it with just inserting the modules and it didn't work as expected.
It Just Worked for me, I think. The only config options I know of is
the one that lets you specify which remotes ports are to be considered
IRC or FTP (I think it's 6666 and 6667 and 21, by default). Does
masquerading work for you in general?
> > There're no ICQ modules, because
> > a) stateful firewalling mostly obviates the need for this, and b) the
> > NetFilter folks have a policy that they won't write or support modules
> > for protocols that don't have at least one working Free client and
> > server.
>
> Someone should go tell the netfilter folks about the jabber icq server
> and the licq client sometime.
Can I point licq at the jabber icq server?
-rob
Attachment:
pgpAjrWmcEhS8.pgp
Description: PGP signature